Problems with /etc/cron.d/certbot on Debian

Posted on May 6, 2020 at 11:04 pm

If you are using certbot (Let’s Encrypt) with Nginx on Debian Buster you may have encountered problems in auto-renewal of your certificates. This may be because the /etc/cron.d/certbot didn’t actually execute, ore information can be read here:

It looks like that if the directory /run/systemd/system/ exists it won’t execute the renew command, because you are running systemd. It won’t run the renew command because there is a systemd timer that was configured when you installed the certbot package.

The certbot timer should be located on /lib/systemd/system/certbot.timer and it will execute the command specified on /lib/systemd/system/certbot.service file. The certbot.timer will execute the certbot.service twice daily, precisely at 12 am and 12 pm.

This is the content of /lib/systemd/system/certbot.timer:

Description=Run certbot twice daily
OnCalendar=*-*-* 00,12:00:00

And this is the content of /lib/systemd/system/certbot.service:

ExecStart=/usr/bin/certbot -q renew

Instead, you should use this script (works better):

Automatically Renew Let’s Encrypt Certificates (Nginx)

Receive updates via email

Other Posts

Updated Posts